Vulnerabilities > Pifzer > Plum A 3 Infusion System Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-03-25 CVE-2015-3956 Insufficient Verification of Data Authenticity vulnerability in Pifzer products
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network.
network
low complexity
pifzer CWE-345
critical
 9.8
9.8
2019-03-25 CVE-2015-3953 Use of Hard-coded Credentials vulnerability in Pifzer products
Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior.
network
low complexity
pifzer CWE-798
critical
 9.8
9.8
2019-03-25 CVE-2015-3954 Improper Authorization vulnerability in Pifzer products
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default.
network
low complexity
pifzer CWE-285
critical
 9.8
9.8